Cyber Resilience

CVE-2022-4888

Medium · Public PoC

Published: 31 July 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
EPSS Score: 0.0036 (58.8th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-4888 is a medium-severity vulnerability, with no specific weakness type assigned, in Addify Abandoned Cart Recovery. Its CVSS base score is 6.5 (Medium).

Operationally, it is ranked in the top 41.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions.

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
addify | abandoned cart recovery | ≤ 1.2.5
addify | advanced free gifts | ≤ 1.0.2
addify | checkout fields manager | ≤ 1.0.2
addify | custom fields for woocommerce | ≤ 1.0.4
addify | custom order number | ≤ 1.0.1
addify | custom registration forms builder | ≤ 1.0.2
addify | gift registry for woocommerce | ≤ 1.0.1
addify | image watermark for woocommerce | ≤ 1.0.1
addify | order approval for woocommerce | ≤ 1.1.0
addify | order tracking for woocommerce | ≤ 1.0.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References